Ewon Security Enhancement (FW 11.2s2)
eWON reference: Webserver - eWON authentication mechanism improvement
Affected devices: All
Affected firmware versions: All
Description:
A non-authenticated user could gain read-only access to some eWON device information.
Mitigation Factors:
As a rule, we recommend:
- to avoid making eWON devices directly reachable by non-trusted users, by using a firewall and an access control policy.
- to use a secure remote access solution like Talk2M for remote access.
Solution:
Install the latest firmware version. This issue is fixed as of version 11.2s2.
Discovered by: M. Pogliani, D. Quarta, M. Polino, S. Zanero, F. Maggi - Politecnico di Milano